We Recommend

My Discussions

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) is an encryption standard developed by Phil Zimmerman in 1991. PGP began as a symmetric encryption system that used the same cryptographic key to both encrypt and decrypt information. Eventually the program became an implementation of public key cryptography, which uses separate keys to encode and decode data.

In PGP systems, users each have a set of two keys. One is public any may be shared with anyone that wants to send data to the user, and the other is private and is used only to decrypt sent data. PGP programs can store multiple private keys, as well as the public keys of friends, in files called "keyrings."

PGP programs also must allow users to digitally attach their "signature" to an encrypted file, which is the functional equivalent of a return address—it allows targeted recipients to know who the message is coming from, absent an identifying email address or other information. Most often, public key cryptography in PGP uses RSA encryption algorithms with keys of 1024 bits. While these are vulnerable to side-channel attacks, once encoded, even multiple powerful computers running in parallel would take thousands of years to interpret the encrypted data.

Since its creation, PGP has simultaneously traveled both commercial and open paths: Zimmerman started PGP Inc., a company that was sold to Symantec in 2010, while a standard named OpenPGP remains free and allows developers to make their own PGP systems. OpenPGP is slated to become an internet standard, as curated by the Internet Engineering Task Force.

The Free Software Foundation maintains a free, OpenPGP client named Gnu Privacy Guard (GnuPG) that is available in both graphical and command line implementations.